Slashdot Mirror


On The Privacy Subtleties Of GMail, Other Webmail

Brad Templeton writes "After talking with Google folks and learning about E-mail privacy law from EFF (join!) lawyers, I have written a new essay on the privacy subtleties of GMail and other advanced webmail applications. Some of the fear has been overdone, but there are surprising issues due to the fact that the ECPA, written almost 20 years ago, wasn't prepared for fancy e-mail offerings like GMail. I issue a call for Google to encrypt your mail to avoid these issues."

16 of 298 comments

  1. How would you know? by Anonymous Coward · · Score: 2, Informative

    Google doesn't have to show you their databases.

    "Uh, yeah, sure.... we're encrypting your emails... we can't read them..."

    Might also note (as others will) it would be incredibly difficult to search emails if they are encrypted. Real-time decryption for 1GB of data then searching for a specific string? Fehgettaboutit!

  2. Come on by peelax · · Score: 4, Informative

    It's not like email is "secure" or private anyway (at least here in the UK); remember RIP? I know that the government getting hold of your email is different to some random (evil) company getting it, but if you need security you would be using PGP anyway. Considering the way we are monitored and tracked already, I doubt this would make much difference. People should know that on the net you don't get something for nothing, and 1gig is quite a lot even today IMO.

  3. Re:No... by alphakappa · · Score: 5, Informative

    I've been using Gmail and I find it incredibly useful. My favs:
    1. The keyboard shortcuts: allows me to use web based email the way I use Pine.. do everything without touching the mouse even once.

    2. The tracking of emails to display them as "conversations".. so neat, it looks almost obvious.

    3. The much griped about text ads are totally unobtrusive, and (faint, faint) they do not even appear on all email pages. Google probably has some algorithm to decide which conversations can get targeted ads.

    4. The address autocomplete - no more clicking on email addresses in a popup window to insert them. It works exactly like a proper client application (as different from a browser app)

    5. To reply to an email, all I have to do is click in a textbox below the email and presto! the compose widgets are there.. great time saver.. and you can see the conversation on top.

    and the best part..

    6. The interface is so clean and clutter free - it has google written all over it!

    --
    "When the only tool you own is a hammer, every problem begins to resemble a nail." - Abraham Maslow (1908-1970)
  4. Re:free or not, Gmail is not good... by alphakappa · · Score: 5, Informative

    Imagine, for example, a phone company that halves your rates in exchange for being allowed to sell transcripts of your phone conversations

    Where did you get the ridiculous idea that Google is selling your email transcripts? Google is inserting text ads (automatically) in your email - the advertisers do not get to see your email.

    Also, Google has mentioned that it won't be inserting ads indiscriminately - you can trust them to be intelligent enough not to insert casket ads!

    I've been using Gmail and I can vouch for the fact that the text ads do not even appear in all the pages - just a few emails - and not obtrusively like Yahoo! or Hotmail, which put their ads right at the bottom of emails that get sent out. Here only you see the ads, which you may not even notice since they are just tiny text.

    --
    "When the only tool you own is a hammer, every problem begins to resemble a nail." - Abraham Maslow (1908-1970)
  5. State senator tries to ban gmail (and search?) by Anonymous Coward · · Score: 4, Informative
    http://info.sen.ca.gov/pub/bill/sen/sb_1801-1850/sb_1822_bill_20040420_amended_sen.html

    (a) (1) Except as provided in paragraph (2), a provider of e-mail or instant messaging services to California customers may not review, examine, or otherwise evaluate the content of a customer's outgoing or incoming e-mail or instant messages, unless that provider has a court order or is otherwise required by law to do so.

    She is trying to outlaw Gmail, though I think it also makes other things illegal. I don't know how Google or others can index email unless they "review, examine, or otherwise evaluate the content". What other features does this make illegal? (Spam is specifically exempted.)

  6. They're just being honest... by du+-Lhcs · · Score: 2, Informative

    I think they've clarified their privacy policy to a level that us geeks should easily be able to understand... When you hit "delete", more often than not in computer land, your data is not immediately rendered unrecoverable. In most operating systems, deleted files are ushered over to a "holding bin" for a final clear-out command to really get rid of them, in case we want to change our mind. Once the OS finally lets go of the file, the file system often takes the short cut of just removing the index pointers to the file and/or marking the space as "unused", but leaving the data still spinning on the drive until something eventually wants to use that space... let's face it, a "quick format" doesn't have time to hit every track on the drive; it's taking a shortcut and that's what makes it "quick". So, really, they're just saying that in order to make their magical mega-system work, "delete" isn't going to mean "Expunge it all right away!" but simply "Put it in the pile that'll be discarded the next time the garbage collection process comes by." Therefore, they'll need to keep your "deleted" e-mails for an undisclosed length of time... they don't intend on keeping it forever, although they have to word the privacy policy in a way that might be misread that way, because to do less just wouldn't be being honest. If you don't have root access to the e-mail system where you work, you don't really know if "delete really means delete" on that system either. Your boss may in fact have access to your e-mail... you might as well assume that they do unless you know otherwise.

  7. encry...wha? by Anonymous Coward · · Score: 1, Informative

    people just aren't happy enough that they will get a gig to sodomise with their mail, they want it encrypted. as if the gig alone isn't enough of an expenditure on google's part, now people want them to expend more computing power to encrypt their mail!

    Q: know why when you log into most web based email services only your password gets encrypted and not your whole session?

    A: it's a resource wasting whore, that's why. it may not be an issue for us, but when a server is getting thousands of requests that must be encrypted, well it uses more cycles than HL2 will.

    stop whining. privacy and security is important, but this isn't new. have a blog? and web based email? then chances are very good that tons of your "deleted" info is still on servers.

    p.s. as for the EFF, i don't trust anyone's site that requires me to have cookies enabled just to get to their homepage. being so concerned with privacy, you'd think they'd know better.

  8. Hushmail by alphaseven · · Score: 2, Informative
    No... I have a better idea: instead of getting the government involved, if you don't like it then you can choose to use an email service more to your liking.

    Personally I like the encryption idea and wish it was integrated into more webmail sites. Hushmail has a pretty interesting implementation of this, having all the email stored encrypted on the server, and the user views their email locally by decrypting it with a Java applet. I'm disappointed more people aren't interested in encryption (if more people were, maybe there would be more services like this).

    Though I'm not sure if that could be implemented with gmail, how would you search and organize a gig of email without decrypting all of it?

  9. Re:free or not, Gmail is not good... by LostCluster · · Score: 5, Informative

    As far as I can tell, Gmail's biggest problem is this: "Dear son, your grandma died suddenly. Details on the funeral ASAP. Call me." On the right hand side, google text ads hawking caskets, flowers, funeral homes. It's tacky, to say the least, and I have little respect for people who are willing to let ads into their private lives to this degree.

    Google's proven smart about this kind of thing in the past. Ads that don't get at least a .5% clickthrough rate aren't welcome on Google's search engine... and a 1% CTR is demanded for ads that want to be displayed elsewhere on Google's network.

    I'm pretty sure that non-socially-acceptable ads will get thrown out of GMail. If people don't want to hear from any sponsor in a certain situation, GMail will react and not show ads when that situation comes up in the future.

    Google AdSense takes the policy that when it doesn't have any likely-to-be-clicked ads to show, it mails in PSAs or lets the webmaster do something else with the space. They don't randomly guess four ads from the database in a random effort, they just mail it in.

    So, the only way casket ads will show up in an e-mail thread about the death of grandma will be if people are actually clicking on such ads...

  10. Re:free or not, Gmail is not good... by Anonymous Coward · · Score: 5, Informative
    It's obvious that you've never used GMail. Check here for a beta tester's account on how he tried to foil Google's system to show tacky ads. He was unsuccessful.
    "As for inappropriate or insensitive targeting... I haven't noticed this to be a problem yet. I sent a couple of test mails to my Gmail account, focusing linguistically on the theme of death and dying, and Gmail "outsmarted" me each time. That is to say, when I sent e-mails about "dying to see funny jokes... man, that last one had me out of breath, on the floor, and about ready to die!..." Gmail smartly showed ads for joke stuff. When I wrote a note (thankfully untrue!) of equal length about a relative dying ("Isn't it funny how the doctors didn't notice anything strange about Aunt Martha before she died?... You have to laugh at the incompetence of medical staff nowadays..."), Gmail showed no ads whatsoever. I'm sure there will be instances in which Gmail's targeting results in ironic or even unpleasant juxtapositions, but it seems to me that this should be rare, and in the end probably no more likely than the scenario of a recently-widowed woman seeing an untargeted but equally jarring "Single? Looking to date?" ad in her Yahoo mail."

  11. Free GMAIL for BLOGGER by Anonymous Coward · · Score: 3, Informative

    Google is now giving Gmail accounts to active users of its blogger.com service. As seen here (Ev, of Blogger)

  12. Re:try an experiment for us... by alphakappa · · Score: 2, Informative

    I just tried both. I sent two separate emails: one had abortion and miscarriage in both the subject line and the body (with some other text thrown in), and the other had car accident, suicide and funeral. Neither of them turned up any ads in Gmail. Which leads me to believe that they probably have some categories for which they won't serve any ads in the email. (Email, after all, is of a more personal nature than a web search, where you are actually looking for information on that particular topic.)

    Thanks for suggesting the test.

    --
    "When the only tool you own is a hammer, every problem begins to resemble a nail." - Abraham Maslow (1908-1970)
  13. Re:No... by btempleton · · Score: 4, Informative

    To clarify what I talk about wrt Google encrypting the mail. That means several things, but the main thing is a call for them (and other webmail providers) to store the mail, indexes and associated data on their disks encrypted with a key derived from your password.

    This would not slow anything down. When you logged in, your password would be used to decrypt the needed keys, and then your mail, and the pre-computed indexes, would be available to the software to provide all services. My understanding is that google already does this, as they use an encrypted filesystem on their servers -- the prime difference is that they would now be using your key instead of theirs.

    When you log out, the key would be purged from memory. Nobody, not Google, not the government, could read the email records at that point. This is good for Google because if they show up with a court order to hand over your mail they can say "We don't have it." They can ask for a wiretap order to read your password should you log in again, but that is a much harder judicial process. Vastly harder.

    There are other encryptions I suggest they do, but the above is the main one. I suggest they use SMTP over TLS. I suggest they support PGP and S/MIME encryption. In doing so, they would not be giving you something as secure as end to end encryption, but they would be doing more than you get by not using any crypto at all.

    The government has no involvement here, except where it might try to ban the export of encryption. Fortunately we at the EFF fought very hard on this issue to make it much easier to do this, which is why you see encryption much more commonly in products. (Anybody remember all the hoops you used to have to go through to get a 128 bit SSL capable browser?)

    --
    Has it been over a year since you last donated to the Electronic Frontier Foundation?
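The key-wrapping arrangement btempleton describes above, as an added example that is not part of the original thread and not Google's code: a per-user mailbox key is sealed under a key derived from the password, unwrapped only for the duration of a session, and purged at logout, so the records held at rest (messages and pre-computed index entries alike) are ciphertext the provider cannot open. The `Mailbox` class, the `seal`/`unseal` helpers and the HMAC-based stand-in cipher are all constructed for this illustration; a real deployment would use AES-GCM from a vetted library.

```python
import hashlib, hmac, os

# Stand-in authenticated cipher (HMAC-SHA256 as a counter-mode keystream + HMAC tag,
# encrypt-then-MAC) so the example runs on the standard library; real code would use AES-GCM.
def _keystream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key, plaintext):
    enc_key, mac_key = key[:32], key[32:]          # 64-byte key: 32 for encryption, 32 for the tag
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = key[:32], key[32:]
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered record")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class Mailbox:
    """Hypothetical server-side store: the salt, wrapped key and records are all safe at rest."""
    def __init__(self, password):
        self.salt = os.urandom(16)
        data_key = os.urandom(64)                    # per-user key for mail bodies and indexes
        self.wrapped_key = seal(self._kek(password), data_key)
        self.records = []                            # sealed messages and index entries
        self._data_key = None                        # lives in memory only while a session is open

    def _kek(self, password):
        # Key-encryption key derived from the password; the provider never stores it.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 200_000, dklen=64)

    def login(self, password):
        self._data_key = unseal(self._kek(password), self.wrapped_key)  # ValueError on a wrong password

    def logout(self):
        self._data_key = None   # from here on the provider holds only ciphertext it cannot open

    def store(self, message):
        self.records.append(seal(self._require_session(), message))

    def read(self, index):
        return unseal(self._require_session(), self.records[index])

    def _require_session(self):
        if self._data_key is None:
            raise PermissionError("no open session: mail is unreadable at rest")
        return self._data_key
```

After `logout()`, handing over `salt`, `wrapped_key` and `records` yields nothing readable without the password, which is the "we don't have it" position the post describes.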
  14. Re:grr. by lseltzer · · Score: 2, Informative
    >>I'd like to be able to delete old emails permanently if I should choose to do so. What's wrong with that?

    This issue has been greatly overblown. From one of the Gmail FAQs:

    • Does Gmail intend to keep copies of my email even after I've deleted it, or closed my account?

      No. Google keeps multiple backup copies of messages so that we can recover them in case of errors or system failure. Even if a message has been deleted or an account is no longer active, messages may remain on our backup systems for some period of time. This is standard practice in the email industry, which Gmail and other major webmail services follow in order to provide a reliable service for users. However, Google will make reasonable efforts to remove deleted information from our systems as quickly as is practical.

  15. Re:Server-side encryption is useless. by Anonymous Coward · · Score: 1, Informative

    "If you don't trust Google to keep your email private, why should you trust them to encrypt your email without using an escrow key or some equivalent?"

    Just a wild guess, but I would bet good money that they would use public-key encryption.

  16. Re:grr. by Diag · · Score: 2, Informative

    Google cannot guarantee the permanent deletion of mail. Why can't they?

    Maybe they're doing a good job of backing up their email servers.

    Deleting a 10KB email from disk is easy. Deleting a copy of it from a tape, mixed in with 10 million other mail files, is a pain in the you-know-what.

    And they might/should have multiple backups of that email you just deleted on different tapes, maybe even in different physical locations.

    If you have an effective backup regime, permanently deleting every copy of a single piece of data can be a daunting task!

    --
    Serving Suggestion: Defrost